The widely-advertised app can't detect moles

We may have finally heard the last of the "Mole Detective." The Federal Trade Commission has wound up its action against promoters of an app that claimed it could detect skin cancer, or melanoma, after the last defendant agreed to a settlement.

Avrom Lasarow settled FTC charges that he and other promoters made false and unsubstantiated claims for the app, which sold in the Apple and Google app stores for up to $4.99.

Melanoma kills an estimated 10,000 people in the U.S. each year.

“We haven’t found any scientific evidence that Mole Detective can accurately assess melanoma risk,” said Jessica Rich, Director of the FTC’s Bureau of Consumer Protection. “If you’re concerned that a mole may be cancerous, please see a health professional.”

In a statement to ConsumerAffairs, Lasarow called the FTC's approach "a real disappointment" and said his decision to settle was based on the cost of litigation.

Lasarow and his company took over marketing the Mole Detective app in August 2012, after it was originally developed and marketed by Kristi Kimball and her company, New Consumer Solutions LLC, and added derivative apps like “Mole Detect Pro.”

Deceptive claims

The Mole Detective apps instructed users to photograph a mole with a smartphone and input other information about the mole. The apps then supposedly determined the mole’s melanoma risk to be low, medium, or high.

The FTC alleged that the marketers deceptively claimed that the apps accurately analyzed melanoma risk and could assess such risk in early stages. The marketers lacked adequate evidence to support such claims, the FTC charged.

Consumers should be cautious before surrendering personal data

Shopping apps are OK as far as they go, but a study by the Federal Trade Commission says they often don't go far enough in disclosing important information to consumers.

What kind of information? Well, how the apps manage payment disputes, how the customer's personal data is handled and so forth.

“As mobile apps become more central to the shopping experience, it’s important that consumers have meaningful information about how those apps work before they download them,” said Jessica Rich, director of the FTC’s Bureau of Consumer Protection. “Consumers should not be left in the dark about their potential liability for erroneous or unauthorized charges or about the way shopping apps handle their data.”

The report, “What’s the Deal? An FTC Study on Mobile Shopping Apps (pdf),” looked at some of the most popular apps used by consumers to comparison shop, collect and redeem deals and discounts, and pay in-store with their mobile devices. It builds on the findings of a 2012 workshop on mobile payments, which raised concerns about consumers’ potential financial liability as well as the privacy and security of their data.

121 apps

FTC staff surveyed a total of 121 different shopping apps across the Google Play and Apple App Stores. The survey included 47 price comparison apps, which let consumers compare prices on a particular item in real-time; 50 “deal” apps, which provide consumers with coupons or discounts; and 45 in-store purchase apps, which enable consumers to use their phones to pay for goods they purchase in physical stores. Several apps were found in more than one category.

The report makes a number of recommendations to companies that provide mobile shopping apps to consumers:

1. Apps should make clear consumers’ rights and liability limits for unauthorized, fraudulent, or erroneous transactions.

2. Apps should more clearly describe how they collect, use, and share consumer data.

The report also recommends that companies whose apps promise consumer safeguards for their data follow through on those promises. Specifically, the report recognizes that technology advances found in smartphones can offer the potential for increased data security and encourages all companies to provide strong protections for the data they collect.

Consumer awareness

Beyond recommendations for companies, the report also urges consumers to closely examine the apps’ stated policies on issues like dispute resolution and liability limits, as well as privacy and data security, and to evaluate them in choosing which apps to use.

The report also notes that when apps do not provide that information, consumers should consider using alternative apps, or in the case of missing dispute resolution policies, limit the dollar amount used to fund stored value accounts.

Study finds more than half of all app users have uninstalled or decided not to install apps for privacy reasons

Most apps are free or close to it, and many provide at least marginally useful services, but a new study finds that privacy concerns are driving users away from apps.

The Pew Internet study found that 88% of American adults use cell phones. Some 43% of these cell owners now download apps to their phones, but as apps grow more popular, privacy concerns are growing, the study found:

54% of app users have decided to not install a cell phone app once they discovered how much personal information they would need to share in order to use it

30% of app users have uninstalled an app that was already on their cell phone because they learned it was collecting personal information that they didn’t wish to share

Taken together, 57% of all app users have either uninstalled an app over concerns about having to share their personal information, or declined to install an app in the first place for similar reasons.

Owners of Android and iPhone devices are also equally likely to delete (or avoid entirely) cell phone apps due to concerns over their personal information.

Younger cellphone users were twice as likely as older users to report that "someone has accessed phone in a way that felt like privacy invasion." This poll follows another survey by Pew that found that users were becoming more active in managing their social media accounts.

Male app users were slightly more likely than female app users to say they have uninstalled an app because it was sharing too much of their personal information. Men and women are equally likely to avoid apps entirely based on personal privacy concerns.

If your device has been bedeviled by pop-up ads, these months-old apps might be why

02/04/2015 | ConsumerAffairs

By Jennifer Abel

If your Android phone or tablet has been acting funny lately, especially if malware-infested pop-up ads keep erupting on your screen, some months-old entertainment apps you downloaded from the Google Play store might be to blame.

Yesterday, the Avast security blog reported the discovery that several popular apps, including the English-language card game Durak, and a Russian-language IQ test and history app, not only infected devices with nasty malware, but waited up to 3...

You wouldn't think that a Jay-Z app would collect all kinds of personal data about you, but a consumer privacy group says the "Magna Carta Holy Grail" app does just that.

The Electronic Privacy Information Center (EPIC) has filed a complaint with the Federal Trade Commission against Samsung, the publisher of the app, which it says "collected massive amounts of personal information from users and required substantial user permissions."

EPIC says Samsung failed to disclose details of the privacy practices of the app, collected user data far beyond what was necessary and failed to give consumers any reasonable choice in the matter.

Approximate user location using cell site locations and Wi-Fi networks;

Precise user location using the Global Positioning System (GPS), cell site locations, and Wi-Fi networks;

Mobile device identifiers, including the International Mobile Subscriber Identity and International Mobile Station Equipment Identity numbers, both of which are unique identifiers;

Time periods during which the phone is active;

Telephone numbers dialed; and

The identity of other applications installed on the device.

According to EPIC's complaint, the app can run in the background when users switch to other apps on their mobile devices; can continue to connect to the Internet while running; signs in as soon as users' phones are switched on, and has access to the phones' vibration and "sleep" functions.

"The number of permissions requested" by the app, EPIC says, "verges on parody."

EPIC's complaint further alleges that the "Magna Carta" app includes hidden spam techniques that force users to promote the album. The app requires users to log in to their Facebook or Twitter accounts in order to access any of the content:

"In the run-up to the album's release," EPIC contends, "the Magna Carta App allowed users to view song lyrics, but only if the user posted a tweet or Facebook status update promoting the fact that they had unlocked each lyric."

EPIC has asked the Commission to investigate Samsung and enjoin the company's unfair and "deceptive data collection practices for any future apps that it may offer."

Because foodies need all the help they can get trying to figure out what to eat

It's hard not to be a foodie nowadays. With new restaurants popping up left and right and 24-hour food channels, many of us have tasty dishes on our minds all the time.

When it comes to figuring out what to eat, what to cook and which restaurants to visit, there are countless numbers of apps and websites to help you. So we pulled some of the best

Evernote Food

On Evernote Food, you can search for recipes and lock them into your device, look for restaurants in or out of your area, take photos of the things you eat and cook and share those photos with your Facebook and Twitter followers.

And the restaurant search feature lets you search by cuisine.

For those folks who like to take photos of their meals when they go out to eat, there is a My Meals feature that allows you to add and save images and keep a record of all the restaurants you've been to.

You can write little notes on the photos, too, if you're interested in documenting each meal experience and detailing things like how good the dish was, how the restaurant looked and so on.

The My Cookbook feature lets you organize recipes based on ingredients or a particular diet, which can be really helpful. The only downside to the app -- based on a few reviews -- is that it's a little bit hard to pull up recipes after you've saved them.

"Love the looks of this app, especially for the price," one user wrote. But "why wade through every recipe looking for something when I know I want a salad or a soup."

Users hope the makers of the Evernote Food app will eventually make searching for recipes a lot easier. The price to download it is $4.99.

BigOven

The app BigOven is supposed to have 250,000 recipes in total. You can search for them either by ingredient or by course, or you can scroll through different meal ideas until you find what you're looking for. Plus, there's a cool leftover feature.

All you have to do is type in three ingredients and the app will suggest a meal idea based on them. This obviously can be very useful when you have no idea what to prepare.

The app will give you recipe reviews, too, and you can share what you cooked on your social media page. BigOven also lets you see what your friends and followers are cooking.

Fooducate

Fooducate helps consumers pick the healthiest foods. The creators claim it has the largest database of nutrition information, and all you have to do is pick up an item in the store and scan it.

From there, the app tells you how much sugar is in the product, how much trans fat it has, how much high fructose corn syrup is inside and what kind of additives and preservatives the product has.

In addition, it tells you if the product has any GMOs, artificial sweeteners or any other ingredients that you may be trying to avoid.

One user said the app taught him a lot about nutrition. "I really like this app," the user wrote. "It is easy to track what you eat and it is very educational."

Vegetarian alternatives

What if you're a vegetarian? Are there some good apps out there for you?

The answer is yes -- a bunch. Among them is VeganXpress, which helps you find out which items are vegan in non-vegan restaurants.

For example, you're eating with your friends at Carrabba's, let's say, and you have no idea what the vegan dishes are.

All you have to do is pull up the restaurant on your device, and the app will tell you what you can order and what you'll have to stay away from, if you're trying to follow a vegan diet.

VeganXpress is good for travelers too, especially those who may not know where to get a good vegetarian meal when they're out of town.

The makers say the app has about 130 popular restaurants listed, so there's a good chance you'll be able to find what you're looking for when you're dining out.

So there you go. A few apps to assist the foodie, because with a rapidly changing food scene, consumers can use all the help they can get when they want to figure out what to eat.

The app developer left users in the dark and lied to them, feds charge

You wouldn't expect your flashlight to spy on you, but the Federal Trade Commission says that's just what one of the most popular Android apps does.

The "Brightest Flashlight Free" app has been downloaded millions of times by Android users who, presumably, never expected that the app would report their whereabouts to the app developer, Goldenshores Technologies LLC, and its clients.

The FTC filed a complaint against the company and its manager, Erik M. Geidl, charging that the company's privacy policy deceptively fails to disclose that the app will report users' geolocation and unique device identifier to third parties, mostly advertising and marketing networks.

In addition, the complaint alleged that the company deceived consumers by presenting them with an option to not share their information, even though it was shared automatically, rendering the option meaningless.

The company has settled the complaint by agreeing to stop spying on its users and delete any information it still has about them.

“When consumers are given a real, informed choice, they can decide for themselves whether the benefit of a service is worth the information they must share to use it,” said Jessica Rich, Director of the FTC’s Bureau of Consumer Protection. “But this flashlight app left them in the dark about how their information was going to be used.”

A few facts omitted

In its complaint, the FTC alleges that Goldenshores’ privacy policy told consumers that any information collected by the Brightest Flashlight app would be used by the company, and listed some categories of information that it might collect. The policy, however, did not mention that the information would also be sent to third parties, such as advertising networks.

Consumers also were presented with a false choice when they downloaded the app, according to the complaint. Upon first opening the app, they were shown the company’s End User License Agreement, which included information on data collection. At the bottom of the license agreement, consumers could click to “Accept” or “Refuse” the terms of the agreement.

Even before a consumer had a chance to accept those terms, though, the application was already collecting and sending information to third parties – including location and the unique device identifier.

The settlement with the FTC prohibits the defendants from misrepresenting how consumers’ information is collected and shared and how much control consumers have over the way their information is used. The settlement also requires the defendants to provide a just-in-time disclosure that fully informs consumers when, how, and why their geolocation information is being collected, used and shared, and requires defendants to obtain consumers’ affirmative express consent before doing so.

The defendants also will be required to delete any personal information collected from consumers through the Brightest Flashlight app.

Major wireless carriers have caved to pressure from the new Federal Communications Commission (FCC) chairman and agreed to let consumers unlock their cell phones when their contracts expire.

The new code agreed to by the carriers -- AT&T, Sprint, T-Mobile, U.S. Cellular and Verizon -- requires them to notify consumers when their phones are eligible for unlocking and to allow them to do so at no charge.

"We believe this agreement will continue to foster the world-leading range of devices and offerings that Americans enjoy today," said Steve Largent, president of CTIA, the wireless industry's trade group. "The robust and differentiated technological ecosystem has brought unparalleled and world-leading benefits to American wireless users, in the form of high-end and affordable devices, post- and pre-paid options, and with the world’s most advanced devices being launched first in the United States."

FCC Chairman Tom Wheeler -- a highly respected former wireless and cable industry executive and lobbyist -- has let it be known lately that the time has come for carriers to let consumers claim full ownership of their devices.

Currently, when consumers buy a smartphone or a plain old cell phone, they typically pay only a fraction of the actual cost of the phone. The carrier subsidizes the purchase and, in effect, amortizes it over a two- to three-year contract.

It's possible to buy unlocked phones now but they tend to be three or four times more expensive than the subsidized versions, so consumers may not be as thrilled with unlocked phones as one might think.

On the other hand, unlocking makes it possible to price shop among networks and, sometimes, to sign up for international service when traveling overseas at much lower cost than would otherwise be the case.

Largent cautioned there's also the little matter of frequencies. Different carriers use different frequencies and cell phones are generally manufactured to operate on the specific frequencies of the carrier that sells them.

“It is important that consumers know that unlocking devices may not necessarily mean full interoperability since devices that work on one provider’s network may not be technologically compatible with another wireless provider’s network. Additionally, unlocking a device may enable some functionality of the device but not all (e.g., an unlocked device may support voice services but not data services when activated on a different network)," he said.

It's not clear when CTIA's new code will go into effect.

It's intended to help consumers keep control of their wireless usage ... and bills

You want to find the car that gives you the best mileage and the refrigerator that won't inflate your electricity bill to the size of the national debt, right?

So it stands to reason you'll want to know how much expensive bandwidth that new app you -- or your offspring -- are thinking of loading onto your smartphone will use. That's the thinking behind a new website put together by CTIA-The Wireless Association, the oddly-named trade association of the cell phone industry.

There are already tools that will tally up data usage after the fact but CTIA says KnowMyApp.org is the first one to give you a heads-up before you hit the download button.

Visitors to KnowMyApp.org may search by name, operating systems or categories. After locating and clicking the desired app, users will find the following information:

How the app was tested;

How much data is used when downloaded, at initialization (both first and subsequent start-ups to analyze caching), during active run time and during background time;

Currently, KnowMyApp.org includes test results for the 50 top paid and free apps from Apple and Google stores with more being tested and added each month.

For example, here's what the site has to say about the Netflix app for Android:

To put it plainly, watch a few video shorts each day and watch your monthly bandwidth allotment disappear.

CTIA is also providing tips and best practices guides to app developers to help them develop apps that don't consume gigantic amounts of broadband.

Company agrees to submit to 20-year privacy management program

Snapchat had a great thing going. Or at least it seemed to. The mobile messaging app promised consumers that they could say anything without worrying about it coming back to haunt them and promised that all communications were secure.

But the Federal Trade Commission says it wasn't so, and charged that Snapchat deceived consumers with promises about the disappearing nature of messages sent through the service.

The FTC case also alleged that Snapchat deceived consumers about the amount of personal data it collected and the security measures taken to protect that data. In fact, the case alleges, Snapchat’s failure to secure its Find Friends feature resulted in a security breach that enabled attackers to compile a database of 4.6 million Snapchat usernames and phone numbers.

“If a company markets privacy and security as key selling points in pitching its service to consumers, it is critical that it keep those promises,” said FTC Chairwoman Edith Ramirez. “Any company that makes misrepresentations to consumers about its privacy and security practices risks FTC action.”

Snaps don't always disappear

Touting the “ephemeral” nature of “snaps,” the term used to describe photo and video messages sent via the app, Snapchat marketed the app’s central feature as the user’s ability to send snaps that would “disappear forever" after the sender-designated time period expired. Despite Snapchat’s claims, the complaint describes several simple ways that recipients could save snaps indefinitely.

Consumers can, for example, use third-party apps to log into the Snapchat service, according to the complaint. Because the service’s deletion feature only functions in the official Snapchat app, recipients can use these widely available third-party apps to view and save snaps indefinitely. Indeed, such third-party apps have been downloaded millions of times.

Despite a security researcher warning the company about this possibility, the complaint alleges, Snapchat continued to misrepresent that the sender controls how long a recipient can view a snap.

In addition, the complaint alleges:

That Snapchat stored video snaps unencrypted on the recipient’s device in a location outside the app’s “sandbox,” meaning that the videos remained accessible to recipients who simply connected their device to a computer and accessed the video messages through the device’s file directory.

That Snapchat deceptively told its users that the sender would be notified if a recipient took a screenshot of a snap. In fact, any recipient with an Apple device that has an operating system pre-dating iOS 7 can use a simple method to evade the app’s screenshot detection, and the app will not notify the sender.

That the company misrepresented its data collection practices. Snapchat transmitted geolocation information from users of its Android app, despite saying in its privacy policy that it did not track or access such information.

Collected contact info

The complaint also alleges that Snapchat collected iOS users’ contacts information from their address books without notice or consent. During registration, the app prompted users to, “Enter your mobile number to find your friends on Snapchat!” Snapchat’s privacy policy claimed that the app only collected the user’s email, phone number, and Facebook ID for the purpose of finding friends.

Despite these representations, when iOS users entered their phone number to find friends, Snapchat also collected the names and phone numbers of all the contacts in their mobile device address books. Snapchat continued to collect this information without notifying or obtaining users’ consent until Apple modified its operating system to provide such notice with the introduction of iOS 6.

For example, the complaint alleges that numerous consumers complained that they had sent snaps to someone under the false impression that they were communicating with a friend. In fact, because Snapchat failed to verify users’ phone numbers during registration, these consumers were actually sending their personal snaps to complete strangers who had registered with phone numbers that did not belong to them.

The complaint also alleges that Snapchat’s failure to secure its Find Friends feature resulted in a security breach permitting attackers to compile a database of 4.6 million Snapchat usernames and phone numbers. According to the FTC, the exposure of this information could lead to costly spam, phishing, and other unsolicited communications.

Under the terms of its settlement with the FTC, Snapchat will be prohibited from misrepresenting the extent to which it maintains the privacy, security, or confidentiality of users’ information.

In addition, the company will be required to implement a comprehensive privacy program that will be monitored by an independent privacy professional for the next 20 years.

Security warning: apps might be riskier than you think

One bad apple can spoil the whole bunch — and it looks like one bad app can, too. Security researchers from the University of Michigan and the University of California/Riverside have discovered that certain types of mobile devices are riskier than previously believed.

To put the paper's results into layman's terms: the researchers believe they've discovered a previously unknown security weakness in Android, Windows and iOS mobile operating systems. There's a widespread belief that apps are self-contained – in other words, one app on your phone can't interfere with other apps.

But this might not be true. Qian said, “The assumption has always been that these apps can’t interfere with each other easily …. We show that assumption is not correct and one app can in fact significantly impact another and result in harmful consequences for the user.”

App malware

It's basically the app equivalent of malware: hackers convince you to download a seemingly harmless app, perhaps offering pretty new background wallpaper for your phone. But the app is actually malicious, and once it's installed, according to UC/Riverside, “the researchers are able to exploit a newly discovered public side channel — the shared memory statistics of a process, which can be accessed without any privileges. (Shared memory is a common operating system feature to efficiently allow processes share data.)”

The researchers made and posted some videos showing in detail exactly how the process works; they were successful in attacking Gmail and H&R Block apps 92 percent of the time. Amazon, however, seems to have the best security of the seven companies they tested; only 48 percent of attempts against Amazon were successful.

Almost half of all Android OS devices vulnerable to “Android Installer Hijacking”

Major malware threat when downloading third-party apps

03/26/2015 | ConsumerAffairs

By Jennifer Abel

Bad news for Android phone users: security researchers at Palo Alto Networks have discovered a vulnerability they've dubbed “Android Installer Hijacking” in Google's Android operating systems, and even after the release of a security patch almost half of all Android handsets remain vulnerable to it.

The vulnerability seems to apply when you either download apps from third-party app stores, or click on ads from a mobile advertisement library. If you have an Android OS but have only ever downloaded apps from the official Google Play store, it appears you have nothing to worry about, at least where this particular threat is concerned.

According to Palo Alto researcher Zhi Xu, the vulnerability has been patched in Android versions 4.3_r0.9 and later, but devices with Android 4.3 remain vulnerable – which corresponds to roughly 49.9 percent of currently monitored handsets, according to Google estimates.

Xu wrote that Android Installer Hijacking is essentially a Time-Of-Check To Time-Of-Use vulnerability (TOCTTOU, pronounced “Tock Too”), which “allows an attacker to modify or replace a seemingly benign Android app with malware, without user knowledge.”

Switcharoo

TOCTTOU is the malware version of what pre-computer con artists might've called “the old switcharoo.” Before an app can be installed, it must pass the permissions process: your phone's security program inspects the file to make sure it's valid. And it is, so the app gets permission to be installed on your device – except that in the nanosecond between “granting permission to the file” and “installing it,” TOCTTOU lets the hacker pull the old switcharoo, replacing the valid permission-granted file with an invalid and malware-riddled one.

So what happens if your phone falls for this particular TOCTTOU? Your standard malware-infection problems – in this instance, “full access to a compromised device, including usernames, passwords, and sensitive data,” according to Palo Alto.

If you have a device with an Android OS, and you've downloaded third-party apps (as opposed to apps acquired through the Google Play store), Palo Alto released a vulnerability scanner app in the Google Play store, and posted a tutorial video for it here.
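The check-then-install race described above, as an added example that is not Palo Alto's code or Android's installer: a simplified Python model in which the "permission check" is assumed to be a SHA-256 comparison against the file the user approved, and the swap is simulated by a callback that rewrites the file between check and install. All function names, file names and sample bytes are constructed for illustration; the second function shows the usual defence of staging one private copy and checking the exact bytes that get installed.

```python
import hashlib
import os
import shutil
import tempfile

def digest(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def install_check_then_use(pkg_path, approved, window=lambda: None):
    """Vulnerable pattern: validate the path, then read the same path again later."""
    if digest(pkg_path) != approved:           # time of check
        raise ValueError("package rejected")
    window()                                   # anything may happen to pkg_path here
    with open(pkg_path, "rb") as f:            # time of use: a second, unchecked read
        return f.read()

def install_from_private_copy(pkg_path, approved, private_dir, window=lambda: None):
    """Hardened pattern: stage one copy where other apps cannot write, check that copy."""
    staged = os.path.join(private_dir, "staged.pkg")
    shutil.copyfile(pkg_path, staged)
    window()                                   # changes to pkg_path no longer matter
    with open(staged, "rb") as f:
        data = f.read()                        # single read of the staged bytes
    if hashlib.sha256(data).hexdigest() != approved:
        raise ValueError("package rejected")   # check the exact bytes being installed
    return data

def demo():
    benign = b"CONSTRUCTED sample: package the user approved"
    other = b"CONSTRUCTED sample: different package"
    approved = hashlib.sha256(benign).hexdigest()
    with tempfile.TemporaryDirectory() as shared, tempfile.TemporaryDirectory() as private:
        pkg = os.path.join(shared, "app.pkg")  # download location other apps can write (assumed)

        def write(content):
            with open(pkg, "wb") as f:
                f.write(content)

        write(benign)
        vulnerable = install_check_then_use(pkg, approved, lambda: write(other))
        write(benign)
        hardened = install_from_private_copy(pkg, approved, private, lambda: write(other))
    return vulnerable == other, hardened == benign

if __name__ == "__main__":
    print(demo())
```

If the file is swapped before staging instead, the hardened function rejects it, because the digest of the staged bytes no longer matches what was approved.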

Researcher says the apps may contribute to an unhealthy obsession with health

Health and wellness have never been easier to manage than in the current age of technology. Information is now easily accessible, and there are a wealth of services that consumers can take advantage of to reach their fitness goals.

In particular, “health apps” have become increasingly popular. The question is, just how beneficial are these apps?

Many argue that health apps inspire people to adopt healthier lifestyles and stay committed to their health goals. They are extremely simple to access through smartphones and other devices that people use every day.

Iltifat Husain, editor of iMedicalApps.com, and assistant professor of emergency medicine at the Wake Forest School of Medicine, argues that the apps have great potential “to reduce morbidity and mortality.” He admits that there is not much research to support health app use, but that “doctors should not wait for scientific studies to prove benefits because these have already been shown.”

For example, Sylvia Warman, an office worker from London, believes that her health app has improved her life dramatically. She points out how much easier these apps make it to track her progress and adjust her lifestyle. She claims that her app has made her more conscious of her everyday choices. She is more active as a result, and has even improved her diet.

Too many choices

Despite these positive testimonials, there are some drawbacks to using these health apps. Because of the number of apps that have been produced, it is difficult to separate useful ones from those that are ineffective.

Des Spence, a general practitioner, argues that most health apps are “mostly harmless and likely useless,” but he cautions that there is another more serious danger associated with them -- they can play on the fears of “an unhealthily health obsessed generation.”

Spence points out that certain medical technologies, such as MRIs and blood tests, are already overused. He believes that all of this extra technology leads to over-diagnosis, which can “ignite extreme anxiety” and cause serious medical harm.

Whatever your opinion may be on the growth of these technologies, they will inevitably continue to progress. Luckily, the level to which they are utilized is still entirely up to the consumer.

Affected apps include those for Safeway, Pizza Hut, NBA Game Time and Match.com

06/22/2015 | ConsumerAffairs

By Jennifer Abel

Android owners take note: security researchers from AppBugs, a free Android app designed to spot dangers in other apps on the same device, have discovered “dozens” of Android apps in the Google Play store that leave user passwords and other sensitive data exposed because the apps either fail to properly apply encryption, or don't bother applying it at all.

The faulty apps include the official apps from the National Basketball Association, Safeway supermarkets, Pizza Hut, and Match.com.

AppBugs' CEO Rui Wang told Ars Technica that the Match.com app uses an unencrypted hypertext transfer protocol to send user passwords, which in turn means pretty much anybody in a position to monitor the traffic (such as somebody using the same wi-fi network as the Match app user) can read those passwords.

Meanwhile, other apps including NBA Game Time and the Safeway and Pizza Hut apps do attempt encryption but don't apply it correctly, leaving those apps' users vulnerable to man-in-the-middle attacks (which allow hackers to alter, spy on or control data while it's traveling between the sender and receiver).

"S" for secure

“Hypertext transfer protocol” is the “http:” you see at the beginning of many web addresses. Essentially, it's the protocol that lets visitors view a website and send information back to the server. If, instead, you see an address starting with “https,” that's not the plural form of http; in this context, the “S” stands for “secure.”

So if you're engaged in sensitive, password-protected online activities – such as email, online banking or credit card activity – the web address for that page should start with “https,” not “http,” to indicate that your data is being encrypted before it's sent.

But AppBugs discovered that some Google Play apps, including Match.com, didn't bother using a secure “https” address in the first place, whereas other apps including Safeway and Pizza Hut at least made the attempt, but didn't implement it properly.

This is not the first time such flaws were discovered in official Google Play apps; last September, student researchers from City College of San Francisco discovered a fatal HTTPS flaw in several Android apps including those of OKCupid Dating and CityShop – for Craigslist. Those apps, like Safeway, NBA Game Time and others recently discovered by AppBugs, attempted and failed to apply secure encryption, leaving users vulnerable to man-in-the-middle attacks.

The faulty apps exposed by AppBugs have a total of more than 200 million downloads between them.

The developer of an app called “Prized” has reached a settlement with the Federal Trade Commission and New Jersey's Attorney General over charges that the app hijacked users' mobile devices and used them to mine virtual currencies, or cryptocurrencies, on behalf of the app developer.

As part of the settlement, Ohio-based company Equiliv Investments and app developer Ryan Ramminger agreed to pay $50,000. The agreement says that $5,200 of that money will go to New Jersey to cover the state's legal costs, with the remaining $44,800 to be suspended and vacated after three years if Ramminger keeps to the rest of the agreement. In other words: if he doesn't create any more malware in the next three years, he'll get that $44,800 back. Ramminger and Equiliv are also supposed to destroy any customer information they collected while distributing the app.

Harvesting cryptocurrency without consent

The FTC's complaint, available in .pdf form here, says that Prized, which was available “since at least February 2014” in the Google Play and Amazon App Stores in addition to various third-party sites, claimed to “give consumers points redeemable for prizes in exchange for completing tasks, such as downloading affiliated apps, playing video games embedded with advertisements, or taking online surveys.”

Instead, the app used malware to turn people's devices into zombie miners harvesting cryptocurrency without the owners' knowledge. As the FTC explains: “Virtual currencies are created by solving complex mathematical equations, and the complaint alleges that the app attempted to harness the power of many users’ devices to solve the equations more quickly, thus generating virtual currency for the defendants.”

This, in turn, caused the devices' batteries to lose power more quickly and recharge more slowly, and also burned through users' data plans. Depending on how much data and computing power it used compared to how much the device actually had, the app was intrusive enough to potentially render the devices all but unusable.

And, of course, nobody received any of the redeemable “prize points” the app initially promised.

A "Trojan horse"

To top it all off, the Prized app's terms of use explicitly stated that “any computer software code and/or advertising tags loaded on an end users' device by Prized are and will be free of malware, spyware, time bombs, and viruses.”

Acting New Jersey Attorney General John J. Hoffman said, “Consumers downloaded this app thinking that at the very worst it would not be as useful or entertaining as advertised. Instead, the app allegedly turned out to be a Trojan horse for intrusive, invasive malware that was potentially damaging to expensive smartphones and other mobile devices.”
